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DETAILED ACTION 

1. Claims 1-28 are pending in this office action, claims 27 and 28 are newly added. 

2. Applicant's arguments, filed September 28, 2005, have been fully considered but 
they are not persuasive. 

Claim Rejections 

3. The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

Claim Rejections - 35 USC § 102 

4. Claims 1. 3-5, 7, 13, 14, 17, 22, and 25 are rejected under 35 U.S.C. 102(e) as 
being anticipated by Allen et al. (U.S. Patent Publication No. 2002/0068629 A1). 

Regarding claim 1 , Allen et al. teaches a method of conducting a secure 
transaction with an on-line service while offline comprising the steps of: 

• Issuing a transaction authorization token to a user from an application server for 
the on-line service while the user is online (fig. 3 and fig. 4, ref. num 424/426); 

• Preparing an off-line transaction object containing data to specify and request the 
transaction (all of fig. 5); 

• Sending a message to the on-line service, said message containing the 
transaction object and the authorization token (fig. 6, ref. num 610 and fig. 3); 
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• Upon receipt of the message, the application server validating the token to 
authenticate the user and to authorize the transaction (fig. 6, ref. num 612); and 

• Executing the transaction object if the transaction is authorized (fig. 6, ref. num 
614/618). 

Regarding claim 3 , Allen et al. teaches wherein the token is issued to the user via 
a download operation while the user is on-line (fig. 4, ref. num 426). 

Regarding claim 4 , Allen et al. teaches wherein the user prepares the transaction 
object off-line (paragraph 0043). 

Regarding claim 5 , Allen et al. teaches wherein the on-line service comprises the 
application server, and the user requests the token for the transaction from the 
application server (fig. 4, ref. num 424/426 and paragraph 0040). 

Regarding claim 7 . Allen et al. teaches wherein the token comprises a unique 
identifier that is generated by the on-line service when the token is issued (fig. 3, ref. 
num 320). 



Regarding claim 13 , Allen et al. teaches wherein the token includes data 
representing a time period during which the token is valid (end of paragraph 0052). 
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Regarding claim 14 , Allen et al. teaches wherein the token includes data 
representing a valid access duration for the token (end of paragraph 0052). 

Regarding claim 17 . Allen et al. teaches further comprising encrypting the 
transaction object (paragraph 0040). 

Regarding claim 22 . Allen et al. teaches wherein the application server is a web- 
based application server (paragraph 0019). 

Regarding claim 25 , Allen et al. teaches further comprising authenticating the 
user with a password and a network identity while the user is accessing the on-line 
service (paragraph 0035). 

Claim Rejections - 35 USC § 103 

5. Claims 2. 6. 9-12. 15. 16. 19-21. 23. 24. and 26-28 are rejected under 35 U.S.C. 
103(a) as being unpatentable over Allen et al. (USPGPUB '629) in view of Fischer (U.S. 
Patent Publication No. 2002/0010638 A1). 

Regarding claim 2 . Allen et al. teaches all the limitations of claim 2, above. 
However, Allen et al. does not teach wherein the token is issued to the user via an e- 
mail message sent from the application server. 
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Fischer teaches wherein the token is issued to the user via an e-mail message 
sent from the application server (paragraph 0025). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine issuing the token via an e-mail message sent from the 
application server, as taught by Fischer , with the method of Allen et al. It would have 
been obvious for such modifications because sending tokens via e-mail provides a user 
the credentials required for secure processing that can be saved and used at a later 
time. This is similar to a user signing up for a service (hotmail.com for example) and 
receiving an e-mail message with the login credentials in the e-mail message. 

Regarding claim 9 , the combination of Allen et al. in view of Fischer teaches 
wherein the application server receives an incoming message including the token, 
checks the token for validity, and accepts or rejects the token (see fig. 6, ref. num 614 of 
Allen et al.). 

Regarding claim 10 , the combination of Allen et al. in view of Fischer teaches 
wherein the message delivering the token and off-line transaction from the user to the 
application server is an e-mail message delivered to the application server via an 
asynchronous e-mail delivery method (see paragraph 0005 of Fischer). 
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Regarding claim 1 1 , the combination of Allen et al. in view of Fischer teaches 
where the asynchronous delivery mechanism is database record synchronization (see 
paragraph 0034 of Fischer). 

Regarding claim 12 , the combination of Allen et al. in view of Fischer teaches 
where the asynchronous e-mail delivery method comprises a synchronization of data 
between a portable computing device and an on-line service (see paragraph 0022 of 
Fischer). 

Regarding claim 21 , the combination of Allen et al. in view of Fischer teaches 
wherein the application server ensures that the token can only be used once by 
authorizing a specific transaction by a specific user on specific data objects (see fig. 3, 
ref. num 318/320 and paragraph 0048 of Allen et al.). 

Regarding claim 6 , Allen et al. teaches all the limitations of claims 1 and 5, 
above. However, Allen et al. does not teach wherein the application server accesses a 
database. 



Fischer teaches wherein the application server accesses a database (paragraph 

0034). 
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It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine accessing a database, as taught by Fischer , with the 
method of Allen et al. It would have been obvious for such modifications because the 
database contains products to be ordered, by accessing the database, correct 
quantities can be obtained. 

Regarding claim 15 . Allen et al. teaches all the limitations of claim 1, above. 
However, Allen et al. does not teach wherein the token specifies an e-mail audit 
signature, and said token is valid only if the transaction is sent from an e-mail program 
via an e-mail delivery path that matches the e-mail audit signature. 

Fischer teaches wherein the token specifies an e-mail audit signature, and said 
token is valid only if the transaction is sent from an e-mail program via an e-mail 
delivery path that matches the e-mail audit signature (paragraph 0025). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine an e-mail audit signature for verifying the token, as 
taught by Fischer , with the method of Allen et al. It would have been obvious for such 
modifications because the audit signature prevents intruders from using a different e- 
mail address to trick the system into thinking the intruder is authorized. 
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Regarding claim 16 , the combination of Allen et al. in view of Fischer teaches 
wherein an e-mail address to which the message is sent varies according to an 
authorized data object and transaction type (see paragraph 0025 of Fischer). 

Regarding claim 19 , Allen et al. teaches all the limitations of claim 1 , above. 
However, Allen et al. does not teach wherein the token is contained in a body or a 
header of an e-mail message. 

Fischer teaches wherein the token is contained in a body or a header of an e- 
mail message (paragraph 0025). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine the token contained in a body or header of an e-mail 
message, as taught by Fischer , with the method of Allen et al. It would have been 
obvious for such modifications because containing the token in the body of an e-mail 
message provides further authentication and authorization (see paragraph 0025 of 
Fischer). 

Regarding claim 20 , Allen et al. teaches all the limitations of claim 1 , above. 
However, Allen et al. does not teach wherein the token and the transaction object are 
attachments to an e-mail message. 
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Fischer teaches wherein the token and the transaction object are attachments to 
an e-mail message (paragraph 0025). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine the token and transaction object are attachments to an 
e-mail message, as taught by Fischer , with the method of Allen et al. It would have 
been obvious for such modifications because containing the token as an attachment of 
an e-mail message provides further authentication and authorization (see paragraph 
0025 of Fischer). 

Regarding claim 23 , Allen et al. teaches all the limitations of claim 1 , above. 
However, Allen et al. does not teach whereon said transaction is selected from the 
group consisting of a database modification, update, adding a file, and editing a file. 

Fischer teaches whereon said transaction is selected from the group consisting 
of a database modification, update, adding a file, and editing a file (paragraph 0022). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine transactions consisting of modifications, updating, 
adding a file, and editing a file, as taught by Fischer with the method of Allen et al. It 
would have been obvious for such modifications because editing a file allows the user to 
obtain the exact purchase order desired by the user. 
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Regarding claim 24 , the combination of Allen et al. in view of Fischer teaches 
further comprising checking out a file, editing the file off-line, and checking in the file as 
an e-mail attachment (see fig. 4, ref. num 64/66/68 of Fischer). 

Regarding claim 26 . Allen et al. teaches all the limitations of claim 1 , above. 
However, Allen et al. does not teach wherein the user comprises a software agent that 
conducts the transaction on behalf of the user. 

Fischer teaches wherein the user comprises a software agent that conducts the 
transaction on behalf of the user (paragraph 0020). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine a software agent that conducts transactions on behalf 
of the user, as taught by Fischer , with the method of Allen et al. It would have been 
obvious for such modifications because a software agent provides an automated 
process for the user to order products from a vendor. 

Regarding claim 27 . Allen et al. teaches all the limitations of claim 1 , above. 
However, Allen et al. does not teach wherein the user sends the message to the on-line 
service while the user is offline from the application server. 
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Fischer teaches wherein the user sends the message to the on-line service while 
the user is offline from the application server (paragraph 0019). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine sending the message to the service while the user is 
offline from the application server, as taught by Fischer , with the method of Allen et al. 
It would have been obvious for such modifications because the user can provide the 
message ahead of time without having to log in to the service (see paragraph 0019 of 
Fischer). This saves time for the user by having the message already provided to the 
on-line service. 

Regarding claim 28 . the combination of Allen et al. in view of Fischer teaches 
wherein the message to the on-line service is sent via e-mail (see paragraph 0025 of 
Fischer). 

Claims 8 and 18 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Allen et al. (USPGPUB *629) in view of Konheim et al. (U.S. Patent No. 4,393,269). 

Regarding claim 8 , Allen et al. teaches all the limitations of claim 1 , above. 
However, Allen et al. does not teach wherein the token is a one-way encryption of at 
least one of an identity of the user, a transaction type, and a data object for which the 
transaction is authorized. 
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Konheim et al. teaches wherein the token is a one-way encryption of at least one 
of an identity of the user, a transaction type, and a data object for which the transaction 
is authorized (col. 23, lines 52-62). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine an one-way encryption of the identity to create the 
token, as taught by Konheim et al. , with the method of Allen et al. It would have been 
obvious for such modifications because the one-way encryption of the identity provides 
a method for verifying both the content of the transaction and the parties involved (see 
abstract of Konheim et al.). 

Regarding claim 18 . Allen et al. teaches all the limitations of claims 1 and 17, 
above. However, Allen et al. does not teach wherein said encrypting comprises issuing 
a temporary public key that is a one-way encryption function of an address to which the 
transaction is to be sent for encryption of the transaction object. 

Konheim et al. teaches wherein said encrypting comprises issuing a temporary 
public key that is a one-way encryption function of an address to which the transaction 
is to be sent for encryption of the transaction object (col. 23, lines 52-62). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine using an one-way encryption function for encrypting 
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the transaction object, as taught by Konheim et al. . with the method of Allen et al. It 
would have been obvious for such modifications because the one-way encryption of the 
identity provides a method for verifying both the content of the transaction and the 
parties involved (see abstract of Konheim et al.). 

Response to Arguments 

6. Applicant argues: 

a. Claim 1 is not taught by Allen to teach an authorization token. Applicant 
argues that Allen teaches a gaming token, but not an authorization token (page 
7, second and third paragraph). 

b. Claims 2, 9-12, 15, 16, 19-21 , 23, 24, and 26 are not remedied fixed by 
the combination of Allen and Fischer (page 8, second and third paragraph). 

c. Claims 8 and 1 8 are not remedied fixed by the combination of Allen and 
Konheim (page 8, last paragraph through page 9, first paragraph). 

Regarding argument (a), examiner disagrees with applicant. Examiner agrees 
with applicant in that Allen teaches a gaming token. The gaming token stores max and 
min values and is modified by the gaming application when the user wins/loses money. 
The gaming token contains a digital signature of the gaming application and the token 
so that only the proper gaming application can modify a certain gaming token. The 
gaming token functions as an authorization token in that when a user logs back into the 
service provider for uploading of the gaming token, the information in the token is 
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checked to verify that the person who logged in is providing a proper token (see 
paragraph 0051-0052 of Allen). In other words, user A can not log in and provide user 
B's gaming token. This is possible because of the signatures in the gaming token. 
Without this feature, any user could log back in and provide any other users' gaming 
token for collection. 

Regarding argument (b), examiner disagrees with applicant. Based on the 
response to argument (a), above, claims 2, 9-12, 15, 16, 19-21, 23, 24, and 26 stand 
rejected. 

Regarding argument (c), examiner disagrees with applicant. Based on the 
response to argument (a), above, claims 8 and 18 stand rejected. 

Conclusion 

7. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Brandon S. Hoffman whose telephone number is 571- 
272-3863. The examiner can normally be reached on M-F 8:30 - 5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R. Sheikh can be reached on 571-272-3795. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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